High Recovery with Fewer Injections

Practical Binary Volumetric Injection Attacks against Dynamic Searchable Encryption

Conference Paper (2023)
Author(s)

Xianglong Zhang (Huazhong University of Science and Technology)

Wei Wang (Huazhong University of Science and Technology)

Peng Xu (School of Cyber Science and Engineering, Huazhong University of Science and Technology)

Laurence T. Yang (St. Francis Xavier University, Huazhong University of Science and Technology)

Kaitai Liang (TU Delft - Cyber Security)

Research Group
Cyber Security
More Info
expand_more
Publication Year
2023
Language
English
Research Group
Cyber Security
Pages (from-to)
5953-5970
ISBN (electronic)
9781713879497
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Searchable symmetric encryption enables private queries over an encrypted database, but it can also result in information leakages. Adversaries can exploit these leakages to launch injection attacks (Zhang et al., USENIX Security’16) to recover the underlying keywords from queries. The performance of the existing injection attacks is strongly dependent on the amount of leaked information or injection. In this work, we propose two new injection attacks, namely BVA and BVMA, by leveraging a binary volumetric approach. We enable adversaries to inject fewer files than the existing volumetric attacks by using the known keywords and reveal the queries by observing the volume of the query results. Our attacks can thwart well-studied defenses (e.g., threshold countermeasure, padding) without exploiting the distribution of target queries and client databases. We evaluate the proposed attacks empirically in real-world datasets with practical queries. The results show that our attacks can obtain a high recovery rate (> 80%) in the best-case scenario and a roughly 60% recovery even under a large-scale dataset with a small number of injections (< 20 files).

Files

License info not available